Search engine poisoning (SEP) is a black hat SEO technique that involves manipulating search engine results pages (SERPs) to distribute malware, spread spam, or drive traffic to malicious websites.

Attackers use various methods to exploit vulnerabilities in search engines and rank malicious web pages for popular search queries.

Examples of Search Engine Poisoning:

  • Keyword stuffing: Attackers create web pages filled with popular keywords and phrases, often related to trending topics or current events, to rank higher in search results. These pages typically contain hidden malware or redirect users to malicious websites.
  • Cloaking: Attackers present different content to search engine crawlers and human users. The page served to crawlers appears legitimate and optimized, while the page served to users contains malware or spam.
  • Link manipulation: Attackers create a network of interlinked websites that point to a malicious website to increase its search engine ranking. They may also use comment spam or forum spam to create backlinks to the malicious site.
  • Malicious JavaScript: Attackers inject malicious JavaScript code into compromised websites, which can redirect users to malware-laden pages or exploit browser vulnerabilities to install malware.
  • Social engineering: Attackers create web pages that mimic legitimate websites, such as online banking or social media platforms, to trick users into entering sensitive information or downloading malware.

Real-world examples:

  • In 2011, attackers used SEP to rank malicious PDFs in Google search results related to the Japanese earthquake and nuclear crisis. Users who clicked on these results were infected with malware.
  • In 2020, researchers discovered an SEP campaign targeting people searching for information about the COVID-19 pandemic. The malicious websites distributed the Agent Tesla remote access trojan (RAT) to steal sensitive information from infected computers.

To protect against Search engine poisoning, search engines continually update their algorithms to detect and remove malicious web pages from search results.

Users should exercise caution when clicking on unfamiliar links, keep their software updated, and use reliable antivirus and anti-malware tools.